Pentesting network services
Port numbers range from 1 to 65,535; the well-known ports, 1 to 1,023, are reserved for privileged services. Port 0 is a reserved port in TCP/IP networking and is not used in TCP or UDP messages. If anything (such as a service) attempts to bind to port 0, it will bind to the next available port above port 1,024, because port 0 is treated as a "wildcard" port.
See Pentesting network services.
To look up a port quickly: https://www.cheatsheet.wtf/PortNumbers/
Raw list of all ports: https://raw.githubusercontent.com/maraisr/ports-list/master/all.csv
TCP
Protocol | Acronym | Port | Description | Tools |
---|---|---|---|---|
File Transfer Protocol | FTP | 20-21 | Used to transfer files | ftp, lftp, ncftp, filezilla, crossftp |
Secure Shell | SSH | 22 | Secure remote login service | |
Telnet | Telnet | 23 | Remote login service | |
Simple Network Management Protocol | SNMP | 161-162 | Manage network devices | |
Hyper Text Transfer Protocol | HTTP | 80 | Used to transfer webpages | |
Hyper Text Transfer Protocol Secure | HTTPS | 443 | Used to transfer secure webpages | |
Domain Name System | DNS | 53 | Lookup domain names | |
Trivial File Transfer Protocol | TFTP | 69 | Used to transfer files | |
Network Time Protocol | NTP | 123 | Synchronize computer clocks | |
Simple Mail Transfer Protocol | SMTP | 25 | Used for email transfer | Thunderbird, Claws, Geary, MailSpring, mutt, mailutils, sendEmail, swaks, sendmail |
Post Office Protocol | POP3 | 110 | Used to retrieve emails | |
Internet Message Access Protocol | IMAP | 143 | Used to access emails | |
Server Message Block | SMB | 445 | Used to transfer files | Samba Suite, smbclient, crackmapexec, SMBMap, smbexec.py, psexec.py, Impacket |
Network File System | NFS | 111, 2049 | Used to mount remote systems | |
Bootstrap Protocol | BOOTP | 67, 68 | Used to bootstrap computers | |
Kerberos | Kerberos | 88 | Used for authentication and authorization | |
Lightweight Directory Access Protocol | LDAP | 389 | Used for directory services | |
Remote Authentication Dial-In User Service | RADIUS | 1812, 1813 | Used for authentication and authorization | |
Dynamic Host Configuration Protocol | DHCP | 67, 68 | Used to configure IP addresses | |
Remote Desktop Protocol | RDP | 3389 | Used for remote desktop access | |
Network News Transfer Protocol | NNTP | 119 | Used to access newsgroups | |
Remote Procedure Call | RPC | 135, 137-139 | Used to call remote procedures | |
Identification Protocol | Ident | 113 | Used to identify user processes | |
Internet Control Message Protocol | ICMP | 0-255 | Used to troubleshoot network issues | |
Internet Group Management Protocol | IGMP | 0-255 | Used for multicasting | |
Oracle DB (Default/Alternative) Listener | oracle-tns | 1521/1526 | The Oracle database default/alternative listener is a service that runs on the database host and receives requests from Oracle clients. | |
Ingres Lock | ingreslock | 1524 | Ingres database is commonly used for large commercial applications and as a backdoor that can execute commands remotely via RPC. | |
Squid Web Proxy | http-proxy | 3128 | Squid web proxy is a caching and forwarding HTTP web proxy used to speed up a web server by caching repeated requests. | |
Secure Copy Protocol | SCP | 22 | Securely copy files between systems | |
Session Initiation Protocol | SIP | 5060 | Used for VoIP sessions | |
Simple Object Access Protocol | SOAP | 80, 443 | Used for web services | |
Secure Socket Layer | SSL | 443 | Securely transfer files | |
TCP Wrappers | TCPW | 113 | Used for access control | |
Network Time Protocol | NTP | 123 | Synchronize computer clocks | |
Internet Security Association and Key Management Protocol | ISAKMP | 500 | Used for VPN connections | |
Microsoft SQL Server | ms-sql-s | 1433 | Used for client connections to the Microsoft SQL Server. | mssql-cli, mssqlclient.py, dbeaver |
Kerberized Internet Negotiation of Keys | KINK | 892 | Used for authentication and authorization | |
Open Shortest Path First | OSPF | 520 | Used for routing | |
Point-to-Point Tunneling Protocol | PPTP | 1723 | Is used to create VPNs | |
Remote Execution | REXEC | 512 | This protocol is used to execute commands on remote computers and send the output of commands back to the local computer. | |
Remote Login | RLOGIN | 513 | This protocol starts an interactive shell session on a remote computer. | |
Remote Copy and Remote Shell | RCP and RSH | 514 | Copy a file or directory bidirectionally from the local system to the remote system (or vice versa) or from one remote system to another. It works like the cp command on Linux but provides no warning to the user for overwriting existing files on a system. Opens a shell on a remote machine without a login procedure. Relies upon the trusted entries in the /etc/hosts.equiv and .rhosts files for validation. | |
X Window System | X11 | 6000 | It is a computer software system and network protocol that provides a graphical user interface (GUI) for networked computers. | |
Relational Database Management System | DB2 | 50000 | RDBMS is designed to store, retrieve and manage data in a structured format for enterprise applications such as financial systems, customer relationship management (CRM) systems. | |
UDP
Protocol | Acronym | Port | Description |
---|---|---|---|
Domain Name System | DNS | 53 | It is a protocol to resolve domain names to IP addresses. |
Trivial File Transfer Protocol | TFTP | 69 | It is used to transfer files between systems. |
Network Time Protocol | NTP | 123 | It synchronizes computer clocks in a network. |
Simple Network Management Protocol | SNMP | 161 | It monitors and manages network devices remotely. |
Routing Information Protocol | RIP | 520 | It is used to exchange routing information between routers. |
Internet Key Exchange | IKE | 500 | Internet Key Exchange |
Intelligent Platform Management Interface (IPMI) | IPMI | 623, 1900 | System management tool that provides sysadmins with the ability to manage and monitor systems even if they are powered off or in an unresponsive state. |
Bootstrap Protocol | BOOTP | 68 | It is used to bootstrap hosts in a network. |
Dynamic Host Configuration Protocol | DHCP | 67 | It is used to assign IP addresses to devices in a network dynamically. |
Telnet | TELNET | 23 | It is a text-based remote access communication protocol. |
MySQL | MySQL | 3306 | It is an open-source database management system. |
Terminal Server | TS | 3389 | It is a remote access protocol used for Microsoft Windows Terminal Services by default. |
NetBIOS Name | netbios-ns | 137 | It is used in Windows operating systems to resolve NetBIOS names to IP addresses on a LAN. |
Microsoft SQL Server | ms-sql-m | 1434 | Used for the Microsoft SQL Server Browser service. |
Universal Plug and Play | UPnP | 1900 | It is a protocol for devices to discover each other on the network and communicate. |
PostgreSQL | PGSQL | 5432 | It is an object-relational database management system. |
Virtual Network Computing | VNC | 5900 | It is a graphical desktop sharing system. |
X Window System | X11 | 6000-6063 | It is a computer software system and network protocol that provides GUI on Unix-like systems. |
Syslog | SYSLOG | 514 | It is a standard protocol to collect and store log messages on a computer system. |
Internet Relay Chat | IRC | 194 | It is a real-time Internet text messaging (chat) or synchronous communication protocol. |
OpenPGP | OpenPGP | 11371 | It is a protocol for encrypting and signing data and communications. |
Internet Protocol Security | IPsec | 500 | IPsec is also a protocol that provides secure, encrypted communication. It is commonly used in VPNs to create a secure tunnel between two devices. |
Internet Key Exchange | IKE | 11371 | It is a protocol for encrypting and signing data and communications. |
X Display Manager Control Protocol | XDMCP | 177 | XDMCP is a network protocol that allows a user to remotely log in to a computer running the X11. |